NixOS OnlyOffice Hard-Coded Secret Vulnerability Allowing Document Access

Vulnerability

The NixOS OnlyOffice document server module is affected in NixOS versions from 22.11 up to, but not including, 25.05, and in Unstable before 25.11. The module protects the document server's file cache with a hard-coded secret, so an attacker who knows a specific revision ID could use that secret to access the corresponding document. Obtaining an arbitrary revision ID should be difficult, but the flaw could still lead to unauthorized access to documents from users with expired permissions.

Impact

Exploitation could give an attacker unauthorized access to documents by way of the hard-coded secret, particularly documents belonging to users whose access rights have expired.

Remediation

Users can mitigate this vulnerability by passing their own security nonce file to the module; instructions are in the NixOS OnlyOffice module documentation. The fix is included in NixOS 25.05 and 25.11.
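The remediation depends on supplying a secret of your own that is private and unpredictable. The following is an added example, not part of this advisory or of the NixOS module, showing one way to generate such a nonce file and to check it before handing it to the module (the module option that consumes the file is documented in the NixOS module docs and is not assumed here; file paths are placeholders):

```shell
#!/bin/sh
# Added example (not from the advisory or the NixOS OnlyOffice module):
# create a private, high-entropy nonce file and verify it before
# configuring the module to use it. Paths are placeholders.
set -eu

# Write 32 random bytes (hex-encoded, 64 chars plus newline) to $1 with mode 0600.
generate_nonce_file() {
  file="$1"
  umask 077
  # /dev/urandom is the CSPRNG source; od renders the bytes as hex and tr
  # strips the spacing and newlines od inserts.
  od -An -N32 -tx1 /dev/urandom | tr -d ' \n' > "$file"
  echo >> "$file"
  chmod 0600 "$file"
}

# Return 0 if $1 is usable as a secret: it exists, is not group/world
# readable, and holds at least 32 bytes. Otherwise print why and return 1.
check_nonce_file() {
  file="$1"
  [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
  # stat -c is GNU coreutils; fall back to the BSD/macOS form.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case "$mode" in
    600|400) ;;
    *) echo "permissions too open ($mode): $file" >&2; return 1 ;;
  esac
  size=$(wc -c < "$file")
  [ "$size" -ge 32 ] || { echo "secret too short ($size bytes): $file" >&2; return 1; }
  return 0
}
```

Run `generate_nonce_file /var/lib/onlyoffice/nonce` (placeholder path) once on the host, then `check_nonce_file` on the same path from a deployment check so that a short or world-readable secret is caught before the service starts.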

Added: Nov 17, 2025, 10:17 PM
Updated: Nov 17, 2025, 10:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.9
remediation: 0.0
relevance: 1.1
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.